1.4 Network attacks Flashcards

1
Q

What is a rogue access point?

A

a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker

2
Q

How to prevent a rogue access point?

A
  • periodic review of the building's access points
  • use a NAC that requires everybody to authenticate before accessing the network
3
Q

What is a wireless evil twin?

A

An evil twin is a copy of a legitimate access point.

4
Q

What is rogue access point vs evil twin?

A

A rogue access point is an illegitimate access point plugged into a network to create a bypass from outside into the legitimate network. By contrast, an evil twin is a copy of a legitimate access point.

5
Q

How to protect from evil twins?

A

Make sure a VPN is installed and the data is encrypted over the network.

6
Q

What is bluesnarfing?

A

A form of hacking that lets attackers access a device through its discoverable Bluetooth connection. Once a device or phone is bluebugged, a hacker can listen to the calls, read and send messages, and steal and modify contacts.

7
Q

What is bluejacking?

A

Bluejacking is used for sending unauthorized messages to another Bluetooth device. This is not a big security concern.

8
Q

What is a wireless disassociation attack?

A

The attack involves sending forged deauthentication packets to a wireless access point (AP), causing the target device to disconnect from the network.
The attacker sends a large number of deauthentication packets with a spoofed source address to the AP or client device, making it appear as if the packets are coming from the network’s legitimate source. This causes the target device to disconnect from the network and may prevent it from reconnecting for a period of time.
It is used to steal data, to perform MITM attacks, and as a form of DoS.

9
Q

What is a wireless jamming attack?

A

The jamming attack is one of the serious threats to wireless sensor networks (WSNs) using the IEEE 802.15.4 standard. In such an attack, jammers, who launch the attack, can dramatically degrade the network performance by interfering with the transmission of packets.

10
Q

What is RFID?

A

Radio Frequency Identification. Technology used in badge access, line tracking and anything that needs to be tracked.

11
Q

How does RFID technology work?

A

An RFID system consists of a tiny radio transponder, a radio receiver and transmitter. When triggered by an electromagnetic interrogation pulse from a nearby RFID reader device, the tag transmits digital data, usually an identifying inventory number, back to the reader. This

12
Q

What are RFID attacks?

A
  • data capture (view communication) done via MITM
  • spoof the reader
  • Denial of service
13
Q

What is NFC?

A

NFC, or near-field communication, is a short-range wireless technology that allows your phone to act as a transit pass or credit card, or to quickly transfer data.

14
Q

What are NFC attacks?

A
  • remote capture of data
  • frequency jamming leading to denial of service
  • relay/replay attack
15
Q

What is the difference between NFC and RFID?

A

NFC is a subset of RFID technology that was initially designed to support short-range communication for mobile devices. Through magnetic field induction, NFC enables two devices to send messages when they’re near one another. Today, NFC is part of all cell phones and most modern credit cards.

16
Q

What is on-path attack/MITM?

A

In an on-path attack, an attacker sits in the middle between two stations and is able to intercept, and in some cases change, the information that’s being sent interactively across the network. This is a type of attack that can occur without anyone knowing that anyone is sitting in the middle of the conversation.

17
Q

What is ARP poisoning and how is it used in MITM?

A

It is a type of MITM. ARP poisoning (also known as ARP spoofing) is a type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP-to-MAC address table. The ARP protocol translates IP addresses into MAC addresses.

18
Q

What is a MAC address?

A

Media Access Control: the physical address of a device. It is 48 bits (6 bytes) long and displayed in hexadecimal:
- the first 3 bytes are the OUI (the manufacturer ID)
- the last 3 bytes are the Network Interface Controller-specific part (the serial number)

19
Q

How are LAN switches and MAC related?

A

The switches are designed to work at the MAC address level and interpret what’s in the frame. The switches maintain a MAC address table.

20
Q

How does the MAC address table work in switches?

A

Switches examine the incoming traffic, add unknown MAC addresses to the MAC address table, and assign each an interface.

21
Q

What is MAC flooding?

A

The attacker starts sending traffic with different source MAC addresses, which are added to the MAC address table until the table fills up. The switch then begins flooding traffic to all interfaces, and the attacker can easily capture all network traffic. However, flooding can be restricted in the switch’s port security settings.

22
Q

What is MAC cloning/MAC spoofing?

A
  • An attacker changes their MAC address to match the MAC address of an existing device.
  • Can create a DoS attack
  • Switches have an option to stop MAC address spoofing
23
Q

What are the different types of DNS attacks?

A
  • DNS spoofing/poisoning
  • DNS hijacking
  • DNS amplification
  • DNS tunneling
24
Q

What is DNS poisoning?

A

Also known as DNS spoofing, this attack involves an attacker injecting fake DNS data into a DNS resolver’s cache, redirecting legitimate traffic to a malicious website or server.

25
Q

What is DNS hijacking?

A

In this attack, the attacker gains unauthorized access to a DNS server and modifies the DNS records, redirecting legitimate traffic to a malicious website or server.

26
Q

Difference between DNS hijacking and DNS poisoning?

A

Domain hijacking changes the DNS settings, while DNS poisoning modifies the DNS records.

Domain hijacking occurs when an attacker gains control of a domain name and changes its DNS settings.

DNS poisoning occurs when an attacker modifies a DNS server’s records so that it resolves queries incorrectly.

27
Q

What is DNS amplification?

A

In this attack, the attacker spoofs the victim’s IP address and sends DNS queries to open DNS resolvers, which then respond to the victim with amplified responses, causing a denial-of-service (DoS) attack.

28
Q

What is a DoS attack?

A

An attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.

29
Q

What is a DDoS?

A

A DDoS attack occurs when multiple machines are operating together to attack one target. DDoS attackers often leverage a botnet, a group of hijacked internet-connected devices, to carry out large-scale attacks.

30
Q

What are common denial-of-service attacks?

A
  • Smurf Attack
  • SYN flood
  • Fill the disk space
31
Q

How to prevent a DoS attack?

A
  • Install and maintain antivirus software.
  • Install a firewall and configure it
32
Q

What is a DNS tunneling attack?

A

In this attack, the attacker creates a covert communication channel over DNS, allowing them to bypass network security measures and exfiltrate sensitive data.